Vulnerability Description
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server.
Related Weaknesses (CWE)
References
- http://request.com/
- https://www.exploit-db.com/exploits/48952
- https://www.vulncheck.com/advisories/request-serious-play-f-media-server-unauthe
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5602.php
FAQ
What is CVE-2020-36877?
CVE-2020-36877 is a documented vulnerability. ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upl...
How severe is CVE-2020-36877?
CVSS scoring is not yet available for CVE-2020-36877. Check NVD for updates.
Is there a patch for CVE-2020-36877?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.